This means that there is no way of verifying the validity of the certificate, correct?
Is it not possible to just check whether the certificate got issued by a trusted CA and if
*.one.one.one is in the DNS name of the certificate?
That is what the GRC web site https://www.grc.com/fingerprints.htm does, but the Cloudflare site is the only one that it does not verify that I am aware of.
Cloudflare actually verifies just fine. And the reason why you believe it does not has actually already been explained a month ago. More than once.
As @domjh said, we are going in circles again.